January 28, 2011

Those of us in the tech space like to talk about the revolutionary uses of technology. Well, that's all well and good, but there are also actual revolutions.

I got back a couple of weeks ago from a trip that included a trip to the Conciergerie in Paris. Per Wikipedia...

The Conciergerie...had an unpleasant reputation before it became internationally famous as the "antechamber to the guillotine" during the Reign of Terror, the bloodiest phase of the French Revolution. It housed the Revolutionary Tribunal as well as up to 1,200 male and female prisoners at a time. The Tribunal sat in the Great Hall between 2 April 1793 and 31 May 1795 and sent nearly 2,600 prisoners to the guillotine. Its rules were simple. Only two outcomes existed — a declaration of innocence or a death sentence — and in most cases the latter was chosen. The most famous prisoners (and victims) included Queen Marie Antoinette, the poet André Chénier, Charlotte Corday, Madame Élisabeth, Madame du Barryand the Girondins, who were condemned by Georges Danton, who was in turn condemned by Robespierre, who was himself condemned and executed in a final bout of bloodletting. En route to the tumbrils, the victims walked through the Salle Saint-Louis, (Saint Louis Room), which acquired the nickname of the Salle des Perdus, the "Room of the Doomed".

So perhaps this question of revolutions was on my mind as the events of this week unfolded -- and as it became clear the role that social technologies have played in those events.

As I look at the torrent of tweets under the hashtags #jan25 and #egypt, a couple of observations come to mind.

The effort to track those protesting on-line through GPS and through their IP addresses gives me pause to think more seriously about all those privacy compromises we make every day in the name of expediency. I was recently using the beautiful new Washington Post iPAD application. Great app; they might even have the business terms right when it moves from the free trial to actual payment next month. But when I go to tweet an article from the Post app or post it on Facebook, I encounter what seem to be an overly aggressive set of conditions exposing my data. My data. And to do something that is not in my interest, but the Post's. I think I'm going to think twice.

The attempt to shut down the internet and cellular access by the government reminds me that it is not a bad idea to continue to be skeptical about attempts by any government to interject itself into the internet. No matter how well intentioned the reasons may be. No matter how useful a "unique internet identity" might be.

The traffic that has continued to flow despite everything the government has done to shut it off reminds me that decentralized systems will find a way. The Huffington Post did a great graph visualizing the Egyptian internet blackout. The chart shows the traffic essenially falling off a cliff as of 5 PM on the 27th. And yet despite all of this, a quick look at either the #jan25 or #egypt hashtags continues to flow out at 100+ tweets per minute. Remarkable.

There is much that is useful in the standard. As usual, my starting point is wondering about exactly how far we will be able to extend a paper-based records and retention paradigm that began with the printing press into ever increasing volumes and forms of electronic information (check out Julie Colgan's useful post on this topic, Retention Needs an Enema).

One of the things I worry about is the overlay of additional organizational self-inflicted obligations upon an already ambiguous and strained legal framework. One of the issues that I wrote about in Soft Underbelly was the challenge of extending internal retention requirements to public-facing sites.

There are a couple of points in the standard that frankly seem a little strange to me. And I will confess at this point that I am neither a lawyer nor a records manager, so bear with me.

Here are some of the points, and they center around how an organization should interact with public-facing service providers. A few representative recommendations...

The organization should have Service Level Agreements (SLAs) with its social media providers to ensure that the hosted content can be made accessible at any time and stored in non-proprietary and editable formats.

The organization’s SLAs with its social media providers should define how records can be searched, accessed, and made available at the organization’s request.

The organization’s Service Level Agreements (SLAs) should specify how the service providers store/archive their content.

The organization’s SLAs should specify how individual pieces of content can be removed and deleted at the organization’s request.

The organization’s SLAs should specify what the service providers are permitted to do with (how they might use) the organization’s content after it has been deleted from the organization-accessible areas of the provider’s site.

So here's the point that bothers me...

I can certainly see the relevance to providers of hosted services for internal social initiatives. But I have a very hard time seeing the relevance to public-facing social networks (e.g., Facebook, Twitter, and LinkedIn). I can see perhaps requiring review of the policies of public-facing social media providers on which your organization has a presence. But the idea that any of us normal people can have an individual Service Level Agreement with the likes of Facebook or LinkedIn or Twitter that is anything other than what Facebook and Twitter and LinkedIn dictates to us seems unlikely to me.

Being an active user of Facebook, Twitter, and LinkedIn -- where I would venture almost all of the content in question resides -- I can't find anywhere or anyone with whom to even begin a discussion of SLAs. I look forward to my discussion with Mark Zuckerberg about non-proprietary content formats.

And if it's impossible to meet such a recommendation, why start with the assumption that it's even possible? Why start with the assumption that organizations "should" be doing anything other than just determining whether the organization can live with the social provider's policies and practice? And do away with the expectation that an individually appropriate SLA or anything other than acceptance/rejection of the existing policies is in the picture.

Like I said at the beginning, don't get me wrong. A TON of good stuff in the standard; it is certainly way useful given the void that exists. But in whatever version comes next, I'd like a bit more understanding of exactly how to get an SLA with Facebook or LinkedIn or Twitter.

January 27, 2011

AIIM will be hosting a new 1-day virtual conference to address how to implement and manage social technologies this fall. Mark your calendars -- September 8.

Social technologies have the potential to dramatically improve operational flexibility and responsiveness, driving both business growth and innovation. This trend will accelerate with the entry of Millennials into the workforce.

As you implement these social tools, you need to answer these three questions:

How can your organization do so quickly?

How can your organization do so responsibly?

How can your organization do so in a way that achieves a business purpose?

Have you already implemented one or more social technologies within your organization? Did you improve customer or staff engagement? If you have a story you want to share, AIIM is looking for case studies to complement conference presentations from other early adopters, industry experts, and thought leaders.

Please go to this link for details. Each presentation will be 20 minutes followed by a Q&A session. AIIM will prioritize submissions from professionals of end-user organizations. Solution providers and consultants may submit customer implementations, but only on the condition that the end-user, NOT the vendor or consultant is the presenter.

The issue we were talking about was one I hadn't considered before, and related to something we all do -- checking out a potential employee's presence on social media, especially Facebook -- before hiring. In fact, it's one of the things I warn my kids about -- be careful what you post, because it carries risks in how you will be viewed by a potential employer.

It centers around the combination of the all the prohibited topics that HR advises us to AVOID during the interview process -- age, sexual orientation, relationship status, etc. -- and the centrality and visibility of this information on Facebook.

Michelle starts here...

...it is estimated that 45% of companies research a job candidate on the Internet. In a December 2009 survey commissioned by Microsoft, 70 percent of the 275 U.S. recruiters, human resources professionals and hiring managers who responded said they have rejected candidates based on information found online. Thirty-five percent of those employers said they rejected applicants based on membership in certain groups.

You might be thinking, "what could possibly be wrong with finding public information that the job candidate has freely shared on the Internet?" "Having shared that information, the company should be able to ask him about it. After all, the job applicant is not making a secret of it."

So far, so good, that's how 99.9% of the people I know would approach this. But then she notes the following...and goes through a recent case in which an applicant charged discrimination based on the information reviewed by the prospective employer (University of Kentucky) on Facebook...

Now, step back and think for a moment. There are subjects that are considered off limits for employers to ask job applicants about. Under federal law, Title VII of the Civil Rights Act prohibits discrimination when making employment related decisions. A company cannot make hiring, discipline and termination decisions based on any of the following protected factors: race, color, national origin, religion and gender. The Age Discrimination in Employment Act (ADEA) adds to the list with a prohibition on discrimination against individuals who are 40 years or older. And, finally, the Americans With Disabilities Act of 1990 prohibits discrimination against "qualified disabled" individuals. Employment decisions are defined broadly and include promotion, demotion, compensation, and transfers.

Many states add additional areas that are off limits for making employment decisions. For example, California also gives protected status to: sexual orientation, marital status, pregnancy, cancer, political affiliation, genetic characteristics, and gender identity.

It is very easy to see how someone with a Facebook page may post about these protected factors. Thus, the challenge for employers who are researching job applicants, or monitoring the social media activity of their employees, is not to let this protected status information bleed into their employment decisions.

So give her post a look -- and some of the others on her site. Well worth the visit...

January 24, 2011

Now in the spirit of true confession, let me admit that I am a social media zealot. I was an early member of Facebook (according to my daughter, perilously close to the creepy edge before it was mainstream). I've been blogging for years under the Digital Landfill label. Ditto Twitter, pretty early on. Together with Atle Skjekkeland, I launched an early content management social network (InformationZen) on a Ning platform over a weekend after our IT people told us it would be at least 6 months before they could get to it. Inside of AIIM, we were playing around with Yammer before IT even knew what was going on. My list of sins in the name of small business expediency is not insignificant.

All of this was on my mind this week for three reasons.

Firstly, we released a white paper by noted futurist and change agent Geoffrey Moore on Systems of Engagement and the Future of Enterprise IT. The report posed some challenging questions about the world of Systems of Record. It reflected on the ground that we have all been tilling for the ast 20 years and its connection (or some would speculate, lack thereof) to the new world of Systems of Engagement, aka Social Business aka Enterprise 2.0 (so as not to offend any of the legions of consultants who are currently battling over the right term).

Secondly, I spent a good deal of time with a reporter from a major business publication who was interested in the rumors that a major bank (speculation was Bank of America or J.P. Morgan or Citigroup) was the next Wikileaks target. One of the issues we discussed was what this meant for the future of social media. Other than, of course, the obvious conclusion that one should be very suspect of anyone in your organization lip synching to Lady Gaga, who has the largest Twitter following in the world -- 7,829,385 followers.

Lastly, after thinking about both of the above, I started researching a couple of upcoming social media keynotes. I had touched on this topic in a number of previous presentations (see below), but thought that perhaps it was time for a bit more systematic look.

A core purpose of social media is to make organizations more responsive.

A core purpose of social media is to make organizations smarter.

Social media creates a vast new pool of informal and adhoc content available in forms and on devices that were unimaginable only a few years ago.

This content is certainly not usually a record in the traditional sense. It's even more unstructured and informal than email.

Most of our approaches to records and information management are grounded in the old world of paper. We persistently keep trying to extend this paradigm further and further into the world of electronic information, but things are becoming increasingly strained in the process.

But all this social information and content is something that needs management and governance. I hate to even say this, for fear it may put me in the not cool part of the social crowd. Probably the adult version of the crowd I hung around in when I was an all-state bass clarinetist in high school.

Which brings me to the soft underbelly -- not my own, but that of social media.

According to Wikipedia, "underbelly" is "a term used to describe the side which is not normally seen. Figuratively it means a vulnerable or weak part, similar to the term Achilles Heel."

I started to look for best practices -- or even any delineated practice -- relative to how social content is managed. I'm not talking about how to roll out a system or how to encourage people to use it. I'm talking about how this content is managed and governed and retained.

Give it a try. Google a string of terms that are familiar to those of us who have been in the content management business for a while -- "governance" -- "retention" -- "management" -- or God forbid, "records" -- and link the search to "social content" or "social media."

What you come away with is a deafening silence.

Now I'm not one of those curmudgeons who throw up Chicken Little "The Sky is Falling" objections to each and every introduction of technology. As I noted in my intro, I like this stuff and use it a lot.

But sooner or later, we are going to have to getting serious about how we want to manage social content. Because the tension to keep it all (to improve the knowledge base of the organization) vs. the tension to get rid of it all as quickly as possible (to keep the lawyers at bay) is going to escalate quickly. This content is valuable to the business. This content is most likely not a record in the ARMA sense (although some might be). But it is electronically stored information in the FRCP (Federal Rules of Civil Procedure) sense. And for organizations that do "social" well, there will be a hell of a lot of it.

There seem to be two not terribly helpful extremes out there. It feels like the 60s.

On the one hand, we have the "Establishment" records and legal types, the folks that scare the hell out of management relative to social technologies in the workplace and result in the 45% of companies that just ban it. On the other, we have the free love Age of Aquarius types that insist that all the old Establishment types just don't get it when it comes to the social revolution and who the heck cares what a retention schedule is anyway. [Oh gosh, looking at the above paragraph I just realized that anyone under the age of 40 won't know what on earth I'm talking about.]

About the only thing that is passing for a policy and governance environment relative to social systems that I can find is what we first did with email -- we are advising employees on appropriate and inappropriate use, and outlining consequences for misdeeds. In the case of social systems, we are also educating our employees on how and why to use them.

But as we discovered with email, these employee education steps are necessary but not sufficient.

In the end analysis, with email we came to the conclusion that the content itself needed to be managed. We set up policies for email that created a default assumption of deletion within a specified time range, with exceptions for those emails with some specified business importance. In the best of cases, this was automated, but even in the manual case at least we created some policy frame of reference for the management of this content.

Here are some of the issues we need to start thinking about relative to social content in a business environment before the lawyers ambush us at the fork in the control/access road.

Firstly, even though the Wikileaks cable fiasco really had nothing to do with social technologies and had everything to do with the usual caution that the weakest link in our security systems are our people, it will inevitably give ammunition to those ill disposed toward social technologies in the first place. It will highlight the risks associated with adding even more informal and ad hoc conversational content to organizational servers. And this pressure will intensify when Wikileaks turns its attention to the private sector.

Secondly, the courts are increasingly including outside-the-firewall social information in discovery requests. Per The Modern Archivist..."Courts have also found that social media and e-discovery are made for each other. For example:

In Monster Worldwide, Inc. v. HR Guru.biz, HR Guru issued counter-claims that allege Monster Worldwide created and maintained a FaceBook page and Twitter account that infringes trademarks and constitutes an unfair business practice;

In TEKsystems v. Brelyn Hammernik et al, Teksystems alleges that three former employees breached their non-compete agreements by using LinkedIn to contact current employees;

In Bass v Miss Porter’s School, the court found that the content of Plaintiff’s Facebook usage was relevant to both the liability and damages phase of the lawsuit; and

In Horizon Group Management v Amanda Bonnen, alleges that defendant tweeted about her “moldy apartment” which defamed apartment management."

Thirdly, many organizations have policies relative to the old era of systems of record that would seem difficult if not impossible to extend into the era of social technologies. But they are doing so anyway. Often the policy reads something like this (this particular one is for the state of Texas) -- "[Social content on external sites] will be archived and retained for the required period of time in accordance with the DIR Records Retention Schedule."

How exactly are organizations expected to do this with regards to their Facebook, Twitter, LinkedIn, YouTube presences? Whose job is it? Is this a realistic assumption? Do we really care? And yet these policies rooted back in the world of paper still exist. Somebody is going to get nailed at some point for failing to follow their own policies.

My last issue is perhaps the most troubling for me. Social technologies have the ability to transform organizations and make them smarter and more responsive. They can help organizations more quickly come up with answers to difficult questions. They create exponentially more and more varied and more informal information than our kludgy old email systems. The systems become smarter over time as the knowledge base builds. The business imperative of responsiveness and dexterity encourages us to retain this information.

This is all terrific until something occurs that unleashes the lawyers and the e-discovery requests. And then what? The approach of the courts hasn't been that social content is new and different and needs to be treated differently because of the unique benefits it brings to the business and society. Rather, it has been to expand all of the old definitions, created back in the era of very limited amounts of paper documents, into ever-expending (and ever more informal and uncontrollable) rings of discoverable electronic content.

So before this soft underbelly grabs us, why don't we start thinking more seriously about it? Let's get beyond simply providing do's and don'ts about individual appropriate use of social technologies in a business environment. Let's get beyond simply educating people about the benefits of social technology. Let's stop just being cheerleaders.

Let's start thinking systematically about how we should manage and govern and retain all of this ephemeral content. Let's start thinking about how our old system of records definitions need to change. Let's start thinking about a different paradigm for managing information other than just extending the old paper definitions further and further into the world of electronic information. Let's understand that there are risks in just winging it. Let's get on with implementing social technologies, but responsibly.

-----

[Note: After I wrote this, I got a tweet about Julie Colgan's excellent piece Retention Needs an Enemaon the AIIM Records Management Community site. It's well worth checking out.]

January 19, 2011

AIIM has published a new white paper by Geoffrey Moore (of Crossing the Chasm fame) on the future of Enterprise IT.

In the Age of Facebook, organizations must redefine how they think about information management, control, and governance in order to deal with social technologies. In this AIIM White Paper, Geoffrey Moore, author of Crossing the Chasm and Managing Director, TCG Advisors, examines the fundamental revolution underway in enterprise IT brought about by ubiquitous Internet access, the proliferation of powerful mobile computing devices, and the consumerization of IT.

This report compares and contrasts existing Systems of Record – those tools, repositories, and systems upon which organizations have built their business processes for the last several decades – with Systems of Engagement. These tools overlay and complement organizations deep investments in systems of record by providing Web-based access, usability across a variety of hardware and software platforms, and cross-organizational collaboration.

In the report, Moore addresses these important questions:

How will the core value chains within our organizations - innovating, designing, procuring, marketing, selling, servicing, and governing - be impacted by social business systems?

What are the issues facing end users who wish to better leverage their information management systems to: improve operating flexibility, and better engage with customers?

What is the path forward for implementing, sustaining, and managing social technologies effectively and responsibly?

January 13, 2011

I just got back from keynoting a very stimulating Kofax conference in Barcelona. 500+ people and an awful lot of energy in the room. Plus it didn't hurt that the event was in Barcelona, which is just a terrific city.

One of the slides I used seemed to attract a fair amount of attention, so I include it here. I call it my "history of Enterprise IT in one slide" slide so I thought I would share it with my blog readers.

Keep your eyes open for a white paper we'll be releasing next week -- likely on Tuesday. It's called Systems of Engagement and the Future of Enterprise IT and looks closely at the challenge of managing information systems that are much more distributed, informal, and ubiquitous than anything that has been known previously. The current world of transactionally centric content management is not going way -- in fact it is bigger and more robust than ever -- but organizations need to start thinking about how they extend their thinking about governance and taxonomy and compliance and control into this new world.

In the white paper we will outline three key sets of questions related to the incorporation of social technologies in the workplace that organizations need to address...

How do our concepts of control and governance need to change to deal with the new world of systems of engagement?

How will the core value chains within our organizations — innovating, designing, procuring, marketing, selling, servicing, and governing — be impacted by social business systems?

In a world of tight resources, how do we pay for these new systems and still support our legacy systems?

Technological advances over the last two decades have impacted not only our personal lives, but the business world too. While they have created opportunities for businesses, they have also raised challenges. The single-largest challenge faced by organizations across the globe lies within - the challenge of managing information effectively. Whether you are a large enterprise, an independent professional or a small business, managing information effectively is one of the keys to successful operations and survival in tough times.

Most of the information businesses manage is in the form of documents - be it paper based or electronic. Organizations that adopt electronic document management systems (EDMS) definitely have a better grip over business processes. In fact, not having a sound EDMS can present several risks, something that no business can afford.

8 Risks Organizations Can Avoid by Using a Document Management Solution

1 -- Loss of data in the event of a disaster.

The worst nightmare a company can face is answering customer calls and having to tell them that all their data is gone because the archive room just caught fire! Well, it may not be that dramatic, but let's face it - you must be ready to deliver your best and be prepared for the worst. Whilst the worst can be a natural or man-made disaster, the best way to protect your business documents against it is to implement a document management system that not only helps you manage your paper based documents, but also your digital files. This way, the documents will outlive wear and tear caused by physical handling and adverse weather conditions. Moreover, while the only physical way to back your paper documents is to make copies of them and add to your paper mountain, digital files are easy to back up - and retrieve within minutes.

2 -- Time and cost overruns.

Paper archives are simply too time-consuming to be your source of information in the long run. Not only is it difficult to fetch information from a physical document library (especially an offsite one), it also causes a whole range of tasks connected to a business process to queue up; this leads to projects getting delayed and possible cost escalations. You may not feel the pinch during good times; but in an economic downturn, having invested in an EDMS can mean lower costs when it matters most. Also, you no longer need tons of consumables, acres (well, maybe just a few hundred square feet!) of rented space to house your documents; and dedicated (salaried) staff to manage all of this. And other things being constant, lower costs usually translate into a neater bottom-line.

3 -- Communication gaps.

Most business processes involve stages of conception, iteration, research, decision and execution, and then a follow up review. Multiple departments are involved in the entire exercise. When the source documents are not at the fingertips of every stakeholder in this business process, it can hamper smooth communication of ideas and relevant data. This in turn leads to another serious risk…

4 -- Poor or wrong decisions.

Communication gaps imply that your employees may not be armed with complete data for them to carry out their task as expected. This is true especially when some members of the team have the requisite documents in their possession while others do not. Decision makers are faced with time bound goals that they must achieve. If a business decision is made in a hurry and with incomplete data or without the required inputs from the entire team, it could lead to a loss in terms of revenue, market share or other such performance indicators.

5 -- Lost opportunity to delight customers.

When your customer-facing staff have all the documents they need on a single application, just imagine how confident they will be in handling customer issues. But if the source documents have to be retrieved from a box file in another corner of the office building, don't expect the customer to stay on hold or wait patiently for long - you have just lost an opportunity to create a "Wow!" customer experience. Electronic document management can come to your rescue. Having all information the customer needs means a 'First Contact Resolution' and no repeat calls for the same issue - something every business wants to achieve 100 per cent of the time.

6 -- Losing the competitive edge.

Businesses that have an EDMS in place are far better placed to succeed in today's digital age. Better communication, lower costs, quick turnaround times (TAT) and improved productivity and quality levels - all these make an organization highly competitive and give their rivals a run for their money. Not having a sound EDMS means you could lose out on these performance indicators and consequently your competitive edge over a period of time.

7 -- Loss of reputation.

A few small lapses in levels of customer service may not be too detrimental. But when a company's document management policy (or lack of it) leads to a serious strategic or tactical error, it could result in the company's reputation being seriously damaged. This can jeopardize the organization's position in the market in the long term and have a cascading effect on other areas of operation.

8 -- Failing to comply with legal requirements.

Laws like the Sarbanes-Oxley Act (SOX) and the HIPAA require the maintenance of records in an organized way so as to be secure and accessible. Managing paper archives without scanning the documents is undoubtedly tougher than managing documents in electronic formats - electronic documents are easily created, stored, modified, shared and transmitted than paper documents. In the absence of an EDMS, an organization can have a hard time organizing its information repository so that it complies with applicable laws.

-----

The costs of going paperless are actually miniscule compared to the potential consequences of not switching to electronic document management. The eight risks discussed here are just some of the situations that could happen to businesses who don’t adopt EDMS: delaying implementation of an EDMS can have a ripple effect in each of these areas. As with everything else, the hardest step is the first step toward change. Organizations worldwide who have taken this step have seen their operations transformed, getting a return on investment (ROI) that is worth the resources invested by them.

-----

Shiraz Ahmed is the CEO of ITAZ Technologies, which he founded in 1999. ITAZ develops and markets Document Management Software products which are extremely simple to use. ITAZ’s products Globodox and Sohodox have enabled organizations in over 50 countries to reap the benefits of document management without incurring large investments. ITAZ products are designed to enable small to medium businesses to quickly move to a less paper environment. With over 15 years' experience in the software industry, Shiraz is responsible for setting the overall direction and product strategy for the company.